Skip to content

HADOOP-19503. Use jackson-bom to set jackson versions #8074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

HADOOP-19503. Use jackson-bom to set jackson versions #8074

wants to merge 1 commit into from
+4 −32

Conversation

@stoty
Copy link
Contributor

@stoty stoty commented Nov 11, 2025
edited
Loading

Description of PR

Use jackson-bom to set jackson versions.
This simplifies the build config, and also ensures that possible implicit transitive sub-modules
are also dependency managed to the same version.

How was this patch tested?

CI
Compared dependency:list output pre- and post-patch

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

@stoty stoty mentioned this pull request Nov 11, 2025
Open
4 tasks
@hadoop-yetus
Copy link

hadoop-yetus commented Nov 11, 2025

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 14m 42s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 xmllint 0m 0s xmllint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+0 🆗 mvndep 7m 0s Maven dependency ordering for branch
+1 💚 mvninstall 28m 18s trunk passed
+1 💚 compile 15m 39s trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚 compile 16m 8s trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
+1 💚 mvnsite 1m 39s trunk passed
+1 💚 javadoc 1m 28s trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚 javadoc 1m 21s trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
+1 💚 shadedclient 98m 30s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 32s Maven dependency ordering for patch
+1 💚 mvninstall 0m 53s the patch passed
+1 💚 compile 14m 56s the patch passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚 javac 14m 56s the patch passed
+1 💚 compile 15m 59s the patch passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
+1 💚 javac 15m 59s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 mvnsite 1m 44s the patch passed
+1 💚 javadoc 1m 24s the patch passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04
+1 💚 javadoc 1m 22s the patch passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
+1 💚 shadedclient 33m 8s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 unit 0m 39s hadoop-project in the patch passed.
+1 💚 unit 1m 11s hadoop-yarn-applications-catalog-webapp in the patch passed.
+1 💚 asflicense 1m 2s The patch does not generate ASF License warnings.
183m 40s
Subsystem Report/Notes
Docker ClientAPI=1.52 ServerAPI=1.52 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/artifact/out/Dockerfile
GITHUB PR #8074
Optional Tests dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname Linux 91082cc7930a 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / bc251eb
Default Java Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
Multi-JDK versions /usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/testReport/
Max. process+thread count 616 (vs. ulimit of 5500)
modules C: hadoop-project hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/console
versions git=2.25.1 maven=3.9.11
Powered by Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

@steveloughran
Copy link
Contributor

steveloughran commented Nov 11, 2025

the main thing we need to do with aggregate imports is be confident that when a hadoop-* module imports a dependency d, and d depends on jackson-something, then our choice of jackson artifacts overrides whatever version of jackson-something that artifact d declared.

And that is, well, tricky.

If some hadoop module says I depend on jackson-bom 2.18 and so we get 2.18 jackson-core that way, it is coming in transitively, one two levels down the tree. If something downstream pulls in hadoop-common and a different jackson-core artifact, whether that different one comes in or not depends on depth down the tree which the artifact was declared (closest to root resolution, not newest version).
By importing via a bom.pom we're pushing our dependencies down one level.

That doesn't mean it's bad, only that it has consequences in version resolution, consequences which may surface downstream.

Note: maven 4 has explicit BOM artifacts; no idea what they bring here.
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Bill_of_Materials_.28BOM.29_POMs

@stoty
Copy link
Contributor Author

stoty commented Nov 11, 2025

If some hadoop module says I depend on jackson-bom 2.18 and so we get 2.18 jackson-core that way, it is coming in transitively, one two levels down the tree.

I don't think replacing the explicit dependency management entries with the imported BOM has any effect on downstream projects. The BOM itself does not get added as a parent of the jackson artifacts.

AFAIU importing the bom is equivalent to copying its dependencyManagement entries the dependencyManagement section, the hadoop artifacts will still have the same dependencies at the same level as before.

I have run dependency:tree on trunk and with this patch.
The only difference is that the transitive com.fasterxml.jackson.datatype:jackson-datatype-jsr310 and com.fasterxml.jackson.dataformat:jackson-dataformat-smile dependencies were previously not dependency managed, and with the patch they are.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

build trunk YARN

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stoty @hadoop-yetus @steveloughran